Hard Coded Password Vulnerability in TOTOLINK A3100R Router
CVE-2022-29645

9.8CRITICAL

Key Information:

Vendor: Totolink
Status: A3100r Firmware
Vendor: CVE Published:; 18 May 2022

What is CVE-2022-29645?

A vulnerability exists in the TOTOLINK A3100R router due to the presence of a hard coded root password stored in the /etc/shadow.sample file. This issue could allow unauthorized access to the device, making it susceptible to potential exploitation. The specific router versions affected by this vulnerability include V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129, highlighting the need for users to review their device configurations and apply necessary security measures.

References

https://github.com/shijin0925/IOT/blob/master/TOTOLINK%20...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 18, 2022
Vulnerability Reserved
Apr 25, 2022

Totolink

What is CVE-2022-29645?

References

CVSS V3.1

Timeline